The C Standard, 6.7.3.2.1, paragraph 18 20 [ISO/IEC 9899:20112024], says
As a special case, the last element of a structure with more than one named member may have an incomplete array type; this is called a flexible array member. In most situations, the flexible array member is ignored. In particular, the size of the structure is as if the flexible array member were omitted except that it may have more trailing padding than the omission would imply.
...
Tool | Version | Checker | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| flexible-array-member-assignment flexible-array-member-declaration | Fully checked | ||||||||||
Axivion Bauhaus Suite |
| CertC-MEM33 | Fully implemented | ||||||||||
CodeSonar |
| LANG.STRUCT.DECL.FAM | Declaration of Flexible Array Member | Supported, but no explicit checker||||||||||
Compass/ROSE | Can detect all of these | ||||||||||||
Cppcheck Premium |
| premium-cert-mem33-c | Partially implemented | ||||||||||
Helix QAC |
| C1061, C1062, C1063, C1064 | |||||||||||
Klocwork |
| MISRA.INCOMPLETE.STRUCT | |||||||||||
LDRA tool suite |
| 649 S, 650 S | Fully implemented | ||||||||||
Parasoft C/C++test |
| CERT_C-MEM33-a | Allocate structures containing a flexible array member dynamically | ||||||||||
| Misuse CERT C: Rule MEM33-C | Checks for misuse of structure with flexible array member (rule fully covered) | |||||||||||
RuleChecker |
| flexible-array-member-assignment | Memory allocation ignores flexible-array-member | PRQA QA- | C9.1 | 1061, 1062, 1063, 1064declaration | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Bibliography
[ISO/IEC 9899:20112024] | Subclause 6.7.3.2.1, "Structure and Union Specifiers" |
[JTC1/SC22/WG14 N791] | Solving the Struct Hack Problem |
...